Critical Vulnerability in Palo Alto Networks Products
31 May 2026
Palo Alto Networks has identified a critical vulnerability affecting the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS software and Prisma Access that allows attackers to establish unauthorised VPN connections. Users and administrators of affected product versions are advised to update to the latest versions immediately.
Background
Palo Alto Networks has identified a critical vulnerability (CVE-2026-0257) affecting the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS software and Prisma Access. This vulnerability has a Common Vulnerability Scoring System (CVSS v3.1) score of 9.1 out of 10.
Impact
Successful exploitation of this authentication bypass vulnerability could allow a remote unauthenticated attacker to bypass security restrictions and establish an unauthorised VPN connection.
Known Exploitation
This vulnerability is being actively exploited in the wild.
Affected Products
This vulnerability affects the following product versions.
PAN-OS:
PAN-OS 12.1: Versions prior to 12.1.4-h6 and 12.1.7
PAN-OS 11.2: Versions prior to 11.2.4-h17, 11.2.7-h14, 11.2.10-h7 and 11.2.12
PAN-OS 11.1: Versions prior to 11.1.4-h33, 11.1.6-h32, 11.1.7-h6, 11.1.10-h25, 11.1.13-h5 and 11.1.15
PAN-OS 10.2: Versions prior to 10.2.7-h34, 10.2.10-h36, 10.2.13-h21, 10.2.16-h7 and 10.2.18-h6
Prisma Access:
Prisma Access 11.2: Versions prior to 11.2.7-h13
Prisma Access 10.2: Versions prior to 10.2.10-h36
Panorama and Cloud NGFW are not impacted by this vulnerability.
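The following Python is an added example, not code from Palo Alto Networks or from this advisory, for triaging an inventory against the fixed releases listed above. It assumes that a hotfix is compared only within its own maintenance release, that a maintenance release with no listed fix below the newest listed one is affected, and that anything newer than the newest listed release is fixed; the hostnames and function names are constructed.

```python
import re

# Fixed releases copied from the "Affected Products" list above.
# Each entry is (maintenance release, hotfix); hotfix 0 means the base release.
FIXED = {
    "PAN-OS": {
        "12.1": [(4, 6), (7, 0)],
        "11.2": [(4, 17), (7, 14), (10, 7), (12, 0)],
        "11.1": [(4, 33), (6, 32), (7, 6), (10, 25), (13, 5), (15, 0)],
        "10.2": [(7, 34), (10, 36), (13, 21), (16, 7), (18, 6)],
    },
    "Prisma Access": {"11.2": [(7, 13)], "10.2": [(10, 36)]},
}
VERSION_RE = re.compile(r"^(\d+\.\d+)\.(\d+)(?:-h(\d+))?$")

def parse_version(text):
    """Split '11.2.7-h14' into ('11.2', 7, 14); a missing hotfix becomes 0."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return m.group(1), int(m.group(2)), int(m.group(3) or 0)

def assess(product, version):
    """Return 'fixed', 'affected' or 'not-listed' for one product version."""
    train, maint, hotfix = parse_version(version)
    fixes = FIXED.get(product, {}).get(train)
    if fixes is None:
        return "not-listed"  # train absent from the advisory: check the vendor page
    for fixed_maint, fixed_hotfix in fixes:
        if maint == fixed_maint:
            return "fixed" if hotfix >= fixed_hotfix else "affected"
    # Assumption: releases newer than the newest listed fix already contain it.
    if maint > max(fixed_maint for fixed_maint, _ in fixes):
        return "fixed"
    return "affected"  # no fixed hotfix is listed for this maintenance release

# Constructed inventory for illustration; the hostnames are made up.
INVENTORY = [
    ("fw-edge-1", "PAN-OS", "11.2.7-h9"),
    ("fw-edge-2", "PAN-OS", "11.1.15"),
    ("fw-branch-1", "PAN-OS", "10.2.18"),
    ("prisma-tenant", "Prisma Access", "11.2.7-h13"),
]

def triage(inventory):
    """Map each host to its assessment."""
    return {host: assess(product, ver) for host, product, ver in inventory}
```

A "not-listed" result means the advisory says nothing about that release train, so it should be checked against the vendor advisory rather than treated as safe.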
Recommendations
Users and administrators of affected product versions are advised to update to the latest versions immediately. Those running unsupported PAN-OS versions should upgrade to a supported fixed release.
Until patches are applied, administrators are advised to implement one or more of the following mitigation measures:
Use a dedicated certificate for Authentication Override cookies
Disable Authentication Override
References
https://nvd.nist.gov/vuln/detail/cve-2026-0257
https://security.paloaltonetworks.com/CVE-2026-0257
https://thehackernews.com/2026/05/pan-os-globalprotect-authentication.html
